Date: Wed, 30 Sep 2015 11:07:28 +0200
From: Florian Weimer <>
Subject: Re: CVE request: urlfetch range handling flaw in Cyrus

On 09/29/2015 01:01 PM, Martin Prpic wrote:
> Hi, was a CVE ID assigned for the following issue?
> "Security fix: handle urlfetch range starting outside message range"
> []
> Not many details seem to be available about this issue. Any pointers to
> a patch that fixes this would be greatly appreciated.

This looks like the relevant fix:

This patch seems to fix an information disclosure (out of bounds heap read).

The patch may be incomplete because n could become negative.  I'll ask
on the cyrus-devel list once my subscription request goes through.

These otherwise unrelated commits might be security-relevant as well:

Florian Weimer / Red Hat Product Security
